Comment by bryanrasmussen
3 years ago
>Why is it relevant whether the traffic is human or automated?
because all traffic costs for the service provider, but the automated traffic can be run at thousands of users cheaper than it is to run one human user (who after all is bounded by time and cost of computation and bandwidth) whereas the automated is not bound by time, giving them the opportunity to DOS you - either on purpose or just accidentally.
But the solution for this is a rate limit, not captcha. The real reason they care about "human traffic" is because bots don't buy stuff.
Rate limits do all of bupkis against a botnet. It's not possible to assume that each one IP or connection is one person. The crux that all of these initiatives like remote attestation are trying to solve is that as it is, one person may command tens of thousands of connections, and from a server-standpoint, there's really not much you can do to allocate resources fairly.
you're the first person to say anything about Captcha? The guy who started this argument needing some way to sort out human traffic operates a free service and is complaining the bot traffic makes it hard to offer a free service since bots cost money.
By captcha I meant "telling computers and humans apart", not necessarily a particular implementation.
Why are you focusing on bot traffic? Doesn't human traffic also cost money? Who operates bots and why?
1 reply →